Guidelines For Designing Security Shrines

By Author: Jasmine
Total Articles: 286
Comment this article

Disable this setting to prevent an anonymous user from requesting microsoft exams security IDs (SIDs) of other users or using a SID to gain a user name. If this setting is enabled, for example, an anony?mous user can use the well-known local administrator SID to determine its account name. You should change the name of the administrator account to make it more difficult for password-cracking attacks to occur.
Enable both of these settings to prevent enumeration of local client computer accounts and client computer shares. If an attacker can enumerate accounts, he has the information he needs to mount a password-cracking attack. If an attacker can enumerate share names, he can begin an attack on the shares. Many vulnerability scanning and auditing security programs require that File And Printer Sharing be enabled on the client computer. By obscuring the shares, you at least make it more difficult for any attacks to occur.
Enable this setting to block anonymous user access to named pipes and shares. Named Pipes are communication connection points that are used by programs such ...
... as Microsoft SQL Server and others. Authenticated connections will still be allowed.
The LAN manager password hash is easily attacked. By removing any storage of this credential, you reduce the ability of an attacker to compromise an account.
Use this setting to determine how free certification exam questions are used for network authentication. Settings on the client must be synchronized with the settings made at the domain and server level. If they are not, domain authentication to the domain or to local server accounts might not work.
Use this setting to determine a session's security level for compatible applications. Settings on the client must be synchronized with the settings made at the domain and server level.
Disable this option, which would allow anyone to log on as Administrator simply by using the Recovery Console.
Enable this setting to clear the page file at shutdown and thus remove any sensitive information that might have been placed there. The information in the page file might include things such as passwords and plaintext (not encrypted) versions of EFS encrypted files.
Records failed attempts at use of privileges that are not assigned. This can produce many records that might not be of value on ordi?nary client systems, hut records of failed attempts at privilege use on sensitive systems are of value.
Tracks systems events, which are things such as shutdown and restart. These events can he the results of attempted or actual attacks, hut this policy more likely will just he recording normal usage. Client systems are often shut down at the end of the day, and monitoring system events might result in many hours of 70-680 effort to produce insig?nificant results.